DFARS 7012 Compliant and CMMC Ready Backup

Many organizations make a wise business risk decision to backup and/or archive critical information systems. This decision is now more complicated for Aerospace and Defense companies required to meet DFARS 7012, not including the potential security audits coming through the newly drafted Cybersecurity Maturity Model Certification (CMMC). These information systems likely house Controlled Unclassified Information (CUI), and so too will the respective backups. CMMC Levels 2 and 3, as of the latest draft release, will include the requirement for backup.

 With this in mind, it is critical to configure your backup environment to NIST 800-171 and meet the reporting requirements of DFARS 7012. One proper path is through a compliant Backup Solution in Azure Government. Below is a high level overview of this solution along with some example activities in the project.

• Azure Baseline Configuration - i.e. Build storage groups

• Setup Conditional Access Policies - i.e. Establish suspect countries
• Setup Azure Monitor and Reporting 
• Setup Azure Recovery Services
• Azure Network Implementation - i.e. Virtual network and subnets
• Azure Directory Implementation - i.e. Domain controllers and AD Connect
• Establish least privilege using Azure RBAC

Azure frees you from upfront capital expenses and the time it takes to manage services locally. And that means you can focus on what’s important: running your business.

Safeguard your business with unmatched security management and threat protection for all backed up applications and data, whether they’re on-premises or in the cloud. Plus, Azure has more security and certifications than any other cloud provider for DoD contractors.

The Summit 7 Team recently filmed a webinar on CMMC Backup Requirements and Strategies. Watch the video below: